I authenticate using OAuth 2.0 authorization code workflow successfully and get redirected back to Postman. Here is more information on the Azure DevOps REST API I am trying to do.
In the console, I get an error: request URL is empty
I do not see the authorization code in the response for me to parse, but if I expand the error message and look in the Request Body > code, my authorization code is there!
I am able to use the authorization code to successfully obtain an Access Token as well.
Steps to reproduce error:
I set all of the values in the OAuth 2.0 form
I click Get New Access Token
I get redirected to my browser to accept
I get a successful authentication & get redirected back to Postman
I get the Authorization code in the request body of a console error (I also get the auth code in the URL after authenticating)
On step #5, I expect to get redirected back to Postman successfully with the authorization code in the body of the message.
EDIT: The solution below works for the Azure API with a scope of https://graph.microsoft.com. If the scope is https://app.vssps.visualstudio.com (which is what I'm using), the solution will not work oddly enough.
Please try my steps to get access token with OAuth 2.0 in Postman.
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Callback URL: the Redirect URI in Application > Authentication. It is required. Don't select Authorize using browser.
Auth URL: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize
Access Token URL: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
For more information, you could refer to the blog which uses oauth2 v1.0.
Related
I am using POSTMAN to test OAuth2.0 AuthCode flow for MSGraph. Following are details of the same:
AuthCode URL : https://login.microsoftonline.com/{tenant_id}/oauth2/authorize
AccessToken URL : https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
When i did some research to see how to test OAuth2.0 using POSTMAN. I was able to find some threads which helped me to generate the access token and hit the user profile api to get the user details as shown in the screenshot below:
But, i have a weird requirement where in, i would like to generate an AuthCode in a separate request, then use it in another request to get the Access Token and then use the access token to get the user details in a separate request.
Can someone please help me with the Above requirement.
You can first request the authorization code in your browser:
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id={your-client-id}
&response_type=code
&redirect_uri=https://localhost:4500/web/completeoauth/ms
&response_mode=query
&scope=https://graph.microsoft.com/mail.read
&state=12345
Then use the authorization code to request the token in postman:
Update:
If you don’t want to use a browser, just don’t check the Authorize using browser checkbox, and then set the Callback URL to your Redirect URIs. When you request a token, it will prompt you to log in.
After you log in,it will return the access token directly to you.But you will not see the code, this is because the system directly exchanges your code for token and returns it to you.
In Postman, in the test tab of the first request, you need to store the AuthCode in an environment variable: pm.environment.set("authCode", authCode).
You then can use that in the pre-request script of the next request via pm.environment.get("authCode") or in the headers or as url parameter: {{authCode}}.
I am getting redirect 302 error for my HTTP request in my logic app.
The scenario is that I have a logic app where I want to fetch data from an API endpoint. The API endpoint is protected and I need to provide an access token to be able to access the api.
To be able to connect to the API with an access token I have created an service principal in Azure AD (spn) to use in the logic app.
The logic app contains right now of two HTTP actions:
The first HTTP action makes a request against https://login.microsoftonline.com/<tenantId>/oauth2/token
with client_id, client_secret and tenant_id of the service principal to get an access token which I can use to authenticate against the API.
The second HTTP action makes a request against the API endpoint
with Header
Authroization = Bearer
but I only get 302 Redirect as response.
I have verified that everything is working as expected with Postman with the same requests as explained above.
Any ideas on how to get around this issue?
Redirect screenshot
Logic App workflow
I've found the cause of this issue. It was in fact something wrong with the token, the logic app successfully acquired the Bearer token, however, However, in the POST request against : https://login.microsoftonline.com/tenantId/oauth2/token
I had specified the following:
grant_type=client_credentials
&client_id=<clientId>
&client_secret=<clientSecret>
&resource=https://something.com <- (HERE I forgot an "/")
I found this when I tried using the token aquired in the logic app in postman and it returned a redirect and invalid token.
Thanks for the help all.
I have some troubles trying to call an Azure Function (code) with Postman.
I have already set up the Authentication / Authorization and settings.
It's working with my browser (with login page).
But when I try to use Postman, I'm getting 401 :
"You do not have permission to view this directory or page."
I also tried to use the Postman built-in (see configuration) Oauth2 to login. I can successfully get the tokens (access and refresh). But it seems that my API request to functions are not working...
Here is the final API Call: postman screenshot
The aad tenant_id starts with 8d6, the application client_id starts with 226, and the app secret ends with Av2.
Is there anything wrong ... ? It looks like actually, Azure Functions handle only Cookies for the authentication, that's why it's working with the browser and not Postman. How can I make it works with the header Authorization / Bearer ?
Thanks for your help !
The way you got the access token is not correct. Just like #Marc said, in your Postman you are not specifying a resource or scope. The postman get new access token tool only has the scope parameter, so you should use the v2.0 endpoint to get the access token.
Auth URL:
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize
Access Token URL:
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Scope:
{clientId}/.default
I got this error trying to get an auth token from Sharepoint REST api. My SP is cloud based and I am using Postman to test the requests, as a previous attempt similarly ran into a dead end when much troubleshooting back and forth with Msoft lead no where .. Anyway, I have the following error and I was wondering if anyone could help me figure out what it is or how I can troubleshoot this issue.
error_description: "AADSTS50169: The realm 'realm' is not a configured realm of the current service namespace"
error_codes : 50169
I followed this tutorial
Thanks!
Edit: I went through and started again, this tut seems to be working I guess I may have missed a step (my guess is I didn't correctly configure the app permissions with xml when creating the app)
To do authorization of SharePoint online and use REST API via Postman, here is a solution for your reference:
First: get security Token
Access [https://login.microsoftonline.com/extSTS.srf] via Http Post method. The content of the http request is as follows.
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
utility-1.0.xsd">
<s:Header>
<a:Action
s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>
<o:Security s:mustUnderstand="1"
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken>
<o:Username>[username]</o:Username>
<o:Password>[password]</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<a:EndpointReference>
<a:Address>[endpoint]</a:Address>
</a:EndpointReference>
</wsp:AppliesTo>
<t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>
The demonstration screenshot in Postman:
And the response content will include a security token as below, we can use this security token to get Access Token of SharePoint.
Second: get Access Token
Here i show you how to get access token of SharePoint online using the security token and SharePoint Rest API.
Access [https://yourdomain.sharepoint.com/_forms/default.aspx?wa=wsignin1.0] via http Post method. The content of the request is the security token that we have got above as below.
And the response as below:
We can see that there are two cookie, rtFa and FedAuth in response header, and these two cookie need to be added to the request in subsequent request.
Third: get Request Digest
Access [https://yourdomain.sharepoint.com/_api/contextinfo] via http Post method with that two cookies which we have got above.
And the response as below:
This is the final Token we want!
Then we can use REST API of SharePoint, we only need to add this token and the previous two cookie, as shown in the following figure.
I'm using Ember.js and Node. I already have json web token based authentication set up and am now trying to use LinkedIn's REST API to get information for my user profiles.
I'm able to redirect my users to the LinkedIn authorization code endpoint (Step 2 in this guide: https://developer.linkedin.com/docs/oauth2), but I'm getting stuck on Step 3 (Exchange Authorization Code for Access Token). When I make the POST request with the correct parameters, I get a 401 unauthorized_client error no matter how I try and make the request.
I'm making the request directly from my Node server, and using the request module. I've tried including the params as query params, and as part of the body. I've tried adjusting the headers and the url encoding but nothing seems to change the 401 error.
This is the call I need to be making according to the guide:
POST /uas/oauth2/accessToken HTTP/1.1
Host: www.linkedin.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&code=987654321&redirect_uri=https%3A%2F%2Fwww.myapp.com%2Fauth%2Flinkedin&client_id=123456789&client_secret=shhdonottell
This should not happen if you are POSTing the correct parameters. You can rather try it with an alternative way. With the authorization code you received in Step 2, use request based service like POSTMAN and try getting the response again. If you get it using that it means there has been some error while you are making the request.
Make sure to properly provide the headers.
Even after the POSTMAN service if you get an unauthorized response, confirm your client_id and client_secret.
Please note that for 2-legged authentication, the grant_type should always be "client_credentials". Also, you only need to supply the client_id and client_secret as parameters, nothing more. See the sample in the LinkedIn documentation. It looks like you try to do a 3-legged authentication request.